Android.Packed.47075

Added to the Dr.Web virus database: 2019-10-04

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Cooee.1
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • /system/bin/sh -c getprop
  • /system/bin/sh -c getprop ro.build.fingerprint
  • /system/bin/sh -c type su
  • cat /proc/cpufreq/cpufreq_power_dump
  • cat /proc/net/dev_mcast
  • cat /proc/net/if_inet6
  • cat /proc/net/protocols
  • cat /proc/self/stack
  • cat /proc/sys/kernel/random/boot_id
  • getprop
  • getprop ro.build.fingerprint
Loads the following dynamic libraries:
  • Beacon
  • Bugly
  • TxCodec_neon_news
  • bitmapsTencent
  • ckeygenerator
  • gifimageTencent
  • libTmsdk-2.0.8-dual-mfr
  • libTxCodec_neon_news
  • libwtecdh
  • memchunkTencent
  • p2pproxy
  • readingpatch
  • tencentloc
  • tvideodownloadproxy_uniform
  • wtecdh
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CFB-NoPadding
  • AES-GCM-NoPadding
  • DES-CBC-PKCS5Padding
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-PKCS1PADDING
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CFB-NoPadding
  • AES-GCM-NoPadding
  • DES-ECB-NoPadding
  • RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
